Forum Discussion
Chris_Miller
Altostratus
AltostratusLimit Access to URI to HTTPS and IP
I'm interested in the best way to do this.
I want to limit access to the URI "/sample" to users from IP 1.1.1.1 while also only allowing said access to be HTTPS. If someone tries hitting it over HTTP...
naladar_65658Altostratus
AltostratusSorry I meant to comment on this earlier Chris, I just didn't get a chance. If I were going to tackle this I would plan on future expansion and changes. That would be easy to do using datagroups I think. I know it is different in version 10.x, but in 9.4 I would create one datagroup called "valid_uri", put /sample in it and/or /sample/
Then create another data group called "valid_addresses" that you can plug your 1.1.1.1 in to. Using the iRule below, it would check to see if the URI matches, if the address is coming from the valid address if the port is NOT 443, drop that request. Not real elegant looking, but it would definitely be able to be expanded in the future. You may have to check the iRule for bracket issues, I don't have a BIG-IP in front of me at the moment to test compile....
when HTTP_REQUEST {
set header_uri [string tolower [HTTP::uri]]
if { ([matchclass $header_uri starts_with $::valid_uri]) && ([matchclass [IP::client_addr] equals $::valid_addresses]) && not ([matchclass [TCP::local_port] equals 443])} {
discard
}
}
